The FBI identified Paige Adele Thompson as the suspect accused of hacking Capital One’s system, accessing credit card applications and compromising personal data of more than 100 million people in the U.S. and Canada.
Thompson, 33, is facing a U.S. federal charge of computer fraud and abuse after being arrested in Seattle on Monday. The agency said her online bragging created a trail of breadcrumbs which inadvertently helped lead agents to her.
- Are you among the Canadians who have been directly affected by the Capital One data breach? Let us know.
According to the complaint, FBI honed in on Paige after information from the hack was found on a Thompson-linked profile page on GitHub, a website for sharing and collaborating on software code.
Thompson, who authorities allege often used the alias “ERRATIC” on message boards, is suspected of hacking into a Capital One computer sometime between March 12 and July 17, 2019.
Police allege she also shared files containing stolen Capital one data on the messaging application Slack.
Social media accounts connected to her are still online. On Twitter, a user with an account linked to Thompson and her alias posted pictures of a cat and wrote about coding and struggles with mental health.
“I have a whole list of things that will ensure my involuntary confinement from the world,” the user wrote on July 5, referring to checking herself into a facility for treatment. “The kind that they can’t ignore or brush off onto the crisis clinic. I’m never coming back.”
According to court documents, Capital One provided the FBI with a screenshot of this same Twitter user direct-messaging someone: “I’ve basically strapped myself with a bomb vest, f--king dropping capitol ones dox and admitting it.”
A judge ordered Thompson to remain in custody until her bail hearing on Thursday, Bloomberg reported.
The Seattle woman faces up to five years in prison and a US$250,000 fine if she’s convicted.
SHE WAS AMAZON WEB SERVICES EMPLOYEE IN 2015, 2016
The New York Times reported Thompson was a former employee of Amazon Web Services. On a resume she posted online, she appeared to work there from 2015 to 2016. Bloomberg confirmed she last worked there in 2016.
She also ran a small group of hackers and programmers on Meetup, a site geared toward organizing real-life gatherings.
In another of her online profiles, she described herself as being employed by hosting company Netcrave Communications. And, in her resume, she said was also a former software engineer at Seattle Software Systems and ConnectXYZ LLC.
She also attended but didn’t graduate from Bellevue Community College in Washington state.
HACK IMPACTED 6 MILLION CREDIT CARDS IN CANADA
In a press release on July 29, Capital One publicly disclosed news of the massive data breach and explained it didn’t appear that the stolen data was used for any fraudulent purposes.
The breach at the Virginia-based bank affected 140,000 U.S. Social Security numbers, 80,000 bank account numbers; and 100 million U.S. credit card applications, as well as another six million applications in Canada.
The statement added the “largest category of information accessed was information on consumers and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019.”
